Lucene search

[email protected]NVD:CVE-2023-31458

HistoryMay 24, 2023 - 9:15 p.m.

CVE-2023-31458

2023-05-2421:15:11

[email protected]

web.nvd.nist.gov

cve-2023-31458

edge gateway

mitel mivoice connect

unauthenticated attacker

administrative privileges

internal network access

password change

arbitrary configuration changes

arbitrary commands

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

57.4%

JSON

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.

Affected configurations

Nvd

Node

mitelmivoice_connectRange≤22.24.1500.0

VendorProductVersionCPE
mitelmivoice_connect*cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitel	mivoice_connect	*	cpe:2.3:a:mitel:mivoice_connect::::::::

References

www.mitel.com/support/security-advisories

www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0005

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

57.4%

JSON

Related for NVD:CVE-2023-31458

prion1 cvelist1 cve1